Leo Famulari <leo@famulari.name> writes:

> On Mon, May 08, 2017 at 05:10:28PM -0400, Kei Kebreau wrote:
>> Leo Famulari <leo@famulari.name> writes:
>> 
>> > On Mon, May 08, 2017 at 03:07:14PM -0400, Kei Kebreau wrote:
>> >> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> >> 
>> >> * gnu/packages/backup.scm (libarchive): Update to 3.3.1.
>> >
>> > Thanks!
>> >
>> > Can you use a graft instead? Then, the commit message can be like this:
>> >
>> > gnu: libarchive: Replace with 3.3.1 [security fixes].
>> >
>> > Fixes CVE-2016-{10209,10350}, CVE-2017-5601.
>> >
>> > * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> > (libarchive-3.3.1): New variable.
>> 
>> Like the patch I've attached?
>
>> From 45d3157bb61bb8b5f26ff13feb672759b6043e6f Mon Sep 17 00:00:00 2001
>> From: Kei Kebreau <kei@openmailbox.org>
>> Date: Mon, 8 May 2017 14:58:07 -0400
>> Subject: [PATCH] gnu: libarchive: Replace with 3.3.1 [security fixes].
>> To: 26836@debbugs.gnu.org
>> 
>> Fixes CVE-2016-{10209,10350} and CVE-2017-5601.
>> 
>> * gnu/packages/backup.scm (libarchive)[replacement]: New field.
>> (libarchive-3.3.1): New variable.
>
> Thanks, LGTM!

Great! Pushed to master.